Tiny Rebrand DocsHome

OAuth Endpoints

Complete reference for TinyRebrand's OAuth 2.0 authentication endpoints

TinyRebrand's OAuth 2.0 implementation provides secure authentication and authorization. These endpoints handle token generation, user authorization, and token management.

Available Endpoints

Complete list of OAuth endpoints and their purposes:
EndpointMethodPurposeRequired Scope
/oauth/tokenPOSTExchange credentials for tokensNone (public)
/oauth/authorizeGET/POSTAuthorization flowNone (public)
/oauth/googlePOSTGoogle SSONone (public)
/oauth/revokePOSTRevoke tokensNone (public)
/oauth/introspectPOSTValidate tokensNone (public)

POST /oauth/token

POST /oauth/token
Exchange credentials for access tokens using password grant.

Required Scope: None (public)

Request:

curl -X POST https://api.tinyrebrand.com/api/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "password",
    "client_id": "web-client",
    "username": "[email protected]",
    "password": "password123"
  }'

Parameters:

ParameterTypeRequiredDescription
grant_typestringMust be 'password' or 'refresh_token'
client_idstringClient identifier
usernamestringUser email address (for password grant)
passwordstringUser password (for password grant)
refresh_tokenstringRefresh token (for refresh grant)
tokenstring2FA code (if required)

Response:

{
  "status": 200,
  "code": "OK",
  "message": "Login successful",
  "data": {
    "access_token": "at_1234567890abcdef",
    "refresh_token": "rt_abcdef1234567890",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "user:read links:read links:write",
    "user": {
      "id": "user123",
      "email": "[email protected]",
      "name": "John Doe"
    },
    "limits": {
      "domains": { "used": 2, "limit": 3 },
      "links": { "used": 150, "limit": 500 }
    }
  }
}

GET /oauth/authorize

GET /oauth/authorize
Redirect users to the authorization endpoint for OAuth code flow.

Required Scope: None (public)

Request:

curl -X GET "https://api.tinyrebrand.com/api/oauth/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=https%3A%2F%2Fyourapp.com%2Fcallback&scope=user%3Aread%20links%3Aread&state=random_state_string"

Parameters:

ParameterTypeRequiredDescription
response_typestringMust be 'code'
client_idstringYour OAuth client ID
redirect_uristringURL encoded callback URL
scopestringSpace-separated scopes
statestringCSRF protection string

Response:

{
  "status": 302,
  "code": "OK",
  "message": "Redirect to authorization page",
  "data": {
    "redirect_url": "https://app.tinyrebrand.com/oauth/authorize?..."
  }
}

POST /oauth/google

POST /oauth/google
Authenticate using Google Sign-In.

Required Scope: None (public)

Request:

curl -X POST https://api.tinyrebrand.com/api/oauth/google \
  -H "Content-Type: application/json" \
  -d '{
    "token": "google_id_token_here",
    "client_id": "web-client"
  }'

Parameters:

ParameterTypeRequiredDescription
tokenstringGoogle ID token
client_idstringClient identifier

Response:

{
  "status": 200,
  "code": "OK",
  "message": "Google login successful",
  "data": {
    "access_token": "at_google_1234567890abcdef",
    "refresh_token": "rt_google_abcdef1234567890",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "user:read links:read links:write",
    "user": {
      "id": "user123",
      "email": "[email protected]",
      "name": "Google User"
    }
  }
}

POST /oauth/revoke

POST /oauth/revoke
Revoke access or refresh tokens.

Required Scope: None (public)

Request:

curl -X POST https://api.tinyrebrand.com/api/oauth/revoke \
  -H "Content-Type: application/json" \
  -d '{
    "token": "at_1234567890abcdef",
    "token_type_hint": "access_token"
  }'

Parameters:

ParameterTypeRequiredDescription
tokenstringToken to revoke
token_type_hintstringToken type hint (access_token or refresh_token)

Response:

{
  "status": 200,
  "code": "OK",
  "message": "Token revoked successfully",
  "data": {
    "revoked": true
  }
}

POST /oauth/introspect

POST /oauth/introspect
Validate token and get metadata.

Required Scope: None (public)

Request:

curl -X POST https://api.tinyrebrand.com/api/oauth/introspect \
  -H "Content-Type: application/json" \
  -d '{
    "token": "at_1234567890abcdef"
  }'

Parameters:

ParameterTypeRequiredDescription
tokenstringToken to introspect

Response:

{
  "status": 200,
  "code": "OK",
  "message": "Token introspected successfully",
  "data": {
    "active": true,
    "token_type": "Bearer",
    "scope": "user:read links:read",
    "client_id": "web-client",
    "username": "[email protected]",
    "exp": 1719936000
  }
}